System Center Endpoint Protection 2012

Hi all and happy late new year…

Today I want to introduce a new product by Microsoft called System Center Endpoint Protection 2012, which is going to be released soon. This is really good software that helps you centralize endpoint security in your environment. It will be used in conjunction with System Center Configuration Manager to bring a lot of exciting new security features. As far as the information about the product says, endpoint clients will be distributed to the client computers, through which those computers can be connected to, and therefore managed by, the central management console installed on a server.

One of the interesting features is that if anti-virus applications are already installed on the client computers, the endpoint client will automatically remove all that third-party anti-virus or anti-spyware software and install itself instead. SCEP 2012 will also provide support for non-Microsoft clients. All in all, SCEP 2012 will allow you to combine the two concepts of security management and client management. Usually one of them is missing in almost all the solutions we see in the market, and Microsoft believes that with SCEP 2012 they can bring both security and client management into the same window for the admins.

There has not been so much information about it yet but there is a great interview video you can watch here which is all about SCEP 2012.

You can also download the Release Candidate from this link.

Best Wishes

Identity Theft and its Huge Cost

Identity theft is a big threat for everyone in the cyber world, and each stolen identity is worth almost $5000 to a criminal, which is a pretty big number. But the question is: how are people taking care of their identity?

As far as my memory helps me, when it comes to security, people only think of installing anti-virus software on their machines to protect them against possible threats on the internet, and they are fully unaware of the fact that there are tens of different ways that could put their identity at risk. The infographic below by ZoneAlarm shows different identity theft techniques, the valuable outcome for the thieves and, of course, the steps that need to be taken to hopefully get your ID back:

Windows 8 Picture Password

One of the new features of Windows 8 is the ability for the user to create a picture password, which is quite interesting. Never before had we seen such functionality in an operating system, and Microsoft seems to be very keen on improving consumer security with such new features in its new operating system coming soon to the market.

Picture password allows you to use a picture instead of text to log in, but how? It’s pretty easy: you just need to choose a picture from your computer for your user and then specify which parts of the picture you would like to tap, and how many times, before Windows will allow you to log in.

So every time you want to log in, you will see that picture and be asked to tap on it, for example three times, and you will be logged in provided that you have tapped the right places on the picture. Of course, the gestures are not restricted to simply tapping your fingers on the screen surface; you can also draw shapes like lines and circles on the screen.

This is a great improvement in Windows and I quite loved the idea. This will make it way more difficult for malicious users to break in by cracking the password. The level of difficulty of this type of password of course depends to a large extent on the number of taps on the picture and the gestures you have drawn, and also on some other factors.

Here is a great link through which you can get more information about this new feature.

How people look at your profile page ?!!

I don’t want to talk so much as the picture I have posted below talks enough about itself… This is how people look at your Facebook profile page. This information is based on a study conducted by and it pretty much shows how people unwantedly care about your personal information.

If you want to see the result of the study on the profile pages of the other social networking websites, you can go to this link.


Techinsights 2011 SEA – Hey you… Stay away from my network…

Hi everyone,

This is right after my second session on the second day of Techinsights 2011 South East Asia here in Kuala Lumpur, Malaysia. The title of this session was Hey You.. Stay away from my network…

I uploaded the slides for you to download:


Techinsights 2011 SEA – Security from the Ground up to the Cloud

Hello folks,

A few hours ago I finished my presentation at Techinsights 2011 South East Asia, and here I left the slides for you. I hope you will enjoy it.

Tech Insights 2011 SEA

Tech Insights is a 3-year-old conference happening on the 16th and 17th of November which focuses on the most recent technologies (mostly on Microsoft, actually) in the market. Like the previous year, I am speaking at this conference this year and I will be presenting two topics, which are as below:

Security from the ground up to the cloud, which is going to be about security in cloud computing and, generally, those security implications that people would like to know about when moving to the cloud. A lot of things related to cloud computing and its security will be talked about in this session of mine.

Hey you… Stay away from my network is going to be my next session on the second day of Tech Insights SEA 2011… I once had a similar session to this at ELITE annual event but this one is supposed to be more technical and I’m going to show people real live demos of tips and tricks hackers use to get into your network and then I will show you how to stay firm against them.

I hope I will see you at Tech Insights this year. If you are attending the event, do come to me and say Hi and I would be more than happy to have a cup of tea (not coffee seriously) with you. Right now we are less than a week away from the event but the registration is still in progress. This year’s conference will be held at Monash university in Sunway city in Malaysia. During the two days of the event, you will be able to meet and talk to the speakers and professionals speaking at Tech Insights and I promise it will be a great experience.

If you need more information about Tech Insights 2011 SEA please visit their website at this link.

Wish you a great weekend

Detecting Common Attacks using TMG Intrusion Detection

Apart from the complicated, advanced-level attacks that are targeted against every network every once in a while, there are common attacks that can be really troublesome. A lot of the time this happens when people believe that their network does not contain any data important enough to come under attack. When the attack occurs, they panic because they did not expect it, and in fact they have nothing in place to stop this type of attack.

Forefront Threat Management Gateway 2010 has an IDS (Intrusion Detection System) inside as one of its features that can detect many of these attacks. To access and configure this feature in TMG you need to go to Intrusion Prevention System and then click on Behavioral Intrusion Detection and first click on Configure Detection Settings for Common Network Attacks:

Here you can see a list of different types of attacks. Each type that is checked will be detected, and a log entry will be created for it in the Monitoring section of TMG. For instance, if you check Port Scan, you can specify the number of ports that must be scanned before TMG considers the traffic a port scanning attack and logs it.

In the other tab, we can also detect different types of attacks against the DNS service:

Coming back to the Behavioral Intrusion Detection tab in TMG, you can also click on Configure IP Options Filtering to filter specific IP options that may be included in the IP packet’s header. Most IP options in the packet header are harmless, but some of them could indicate malicious traffic and must be checked. They are shown below in the picture. Any traffic containing these options in the packet header will be dropped if you select Deny packets with the selected IP options.

Under the other tab, called IP Fragment, you can block IP fragments. This blocks traffic from applications that fragment their packets so that they will not be detected by the firewall. Keep in mind that if you enable blocking of IP fragments, you may also block other types of traffic such as L2TP, which is pretty common in every network that has remote users.

Again under Behavioral Intrusion Detection in TMG, if you click on Configure Flood Mitigation Settings, you will be able to detect and block flood attacks directed at the TMG and the network behind it. Using this feature you can specify the allowed number of each type of connection to a host; if there are more requests than that, the traffic will be detected as a flood attack and will be denied. You can click on Edit to configure the settings for any of the connection types:

After all this configuration, any traffic detected as an attack will be logged under the Monitoring section in TMG and will be visible under Alerts. Once you know the source of the attack, you can easily block it using the firewall feature if it is not blocked by default.
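The two threshold checks described above (a port count for Port Scan and a per-source connection limit for flood mitigation) can be modelled in a few lines. This is an added example, not TMG's own code or algorithm: the log format, the function names, the threshold values and the fixed one-minute bucketing are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample connection log: (epoch_seconds, source_ip, dest_ip, dest_port).
# Addresses come from documentation ranges; this is not real TMG log output.
SAMPLE_LOG = (
    # One source probing 12 different ports on the same host.
    [(1000 + i, "203.0.113.7", "192.0.2.10", port)
     for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])]
    # One source opening 40 connections to port 80 within the same minute.
    + [(2000 + i, "198.51.100.9", "192.0.2.10", 80) for i in range(40)]
    # An ordinary client touching two ports.
    + [(1005, "192.0.2.50", "192.0.2.10", 443), (1010, "192.0.2.50", "192.0.2.10", 80)]
)


def detect_port_scans(log, port_threshold):
    """Return {source: sorted ports} for sources that probed at least
    port_threshold distinct ports on a single destination."""
    ports = defaultdict(set)
    for _ts, src, dst, dport in log:
        ports[(src, dst)].add(dport)
    hits = {}
    for (src, _dst), seen in ports.items():
        if len(seen) >= port_threshold:
            hits[src] = sorted(set(hits.get(src, [])) | seen)
    return hits


def detect_floods(log, max_per_minute):
    """Return {source: peak connections in one minute} for sources that
    exceeded max_per_minute. Uses fixed one-minute buckets (an assumption)."""
    buckets = defaultdict(int)
    for ts, src, _dst, _dport in log:
        buckets[(src, ts // 60)] += 1
    peaks = defaultdict(int)
    for (src, _minute), count in buckets.items():
        peaks[src] = max(peaks[src], count)
    return {src: peak for src, peak in peaks.items() if peak > max_per_minute}


if __name__ == "__main__":
    print("port scans:", detect_port_scans(SAMPLE_LOG, port_threshold=10))
    print("floods:", detect_floods(SAMPLE_LOG, max_per_minute=30))
```

Raising either threshold trades missed detections for fewer alerts: with a port threshold of 13 the scanner in this sample is no longer flagged.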




Private Cloud Security via Forefront TMG 2010

Good evening everyone… I need to thank those of you who attended my session in Microsoft TechDays 2011 event called Security Blackbelt Day at Microsoft auditorium. I hope you enjoyed it and it was useful. I shared the slides so that you could use them:

Private Cloud Security via Forefront TMG 2010


Security Blackbelt Day 2011

I’d like to announce that I’ll be speaking at Security Blackbelt Day 2011, held in the Microsoft auditorium in Kuala Lumpur, Malaysia. This event, which is to be held in two tracks for both developers and IT pros, revolves around security topics and technologies.

In my session which is called “Private Cloud Security via Microsoft Forefront TMG 2010” I’ll be talking about securing the private cloud infrastructure using Microsoft Forefront Threat Management Gateway 2010. In this session I will be mostly talking about different scenarios and how to place TMG in the network to better and more efficiently protect the private cloud. A lot of other topics like how to secure the connection between the public and private clouds will also be covered.

This is the Facebook link to the event. On this page you can also get more information about the topics and the speakers in this event.

Hope to see you there…